New CCNA – IOS Questions
Note: If you are not sure about Cisco IOS, please read our Cisco Router Boot Sequence Tutorial and Cisco Command Line Interface CLI.
Question 1
Which command encrypts all plaintext passwords?
A. Router# service password-encryption
B. Router(config)# password-encryption
C. Router(config)# service password-encryption
D. Router# password-encryption
Answer: C
Question 2
What can be done to secure the virtual terminal interfaces on a router? (Choose two)
A. Administratively shut down the interface.
B. Physically secure the interface.
C. Create an access list and apply it to the virtual terminal interfaces with the access-group command.
D. Configure a virtual terminal password and login process.
E. Enter an access list and apply it to the virtual terminal interfaces using the access-class command.
Answer: D E
Explanation
It is a waste to administratively shut down the interface. Moreover, someone can still access the virtual terminal interfaces via other interfaces -> A is not correct.
We can not physically secure a virtual interface because it is “virtual” -> B is not correct.
To apply an access list to a virtual terminal interface we must use the “access-class” command. The “access-group” command is only used to apply an access list to a physical interface -> C is not correct; E is correct.
The most simple way to secure the virtual terminal interface is to configure a username & password to prevent unauthorized login -> D is correct.
Question 3
Refer to the exhibit. Why is flash memory erased prior to upgrading the IOS image from the TFTP server?
|
Router# copy tftp flash verifying checksum… OK (0x7BF3) |
A. The router cannot verify that the Cisco IOS image currently in flash is valid
B. Flash memory on Cisco routers can contain only a single IOS image.
C. Erasing current flash content is requested during the copy dialog.
D. In order for the router to use the new image as the default, it must be the only IOS image in flash.
Answer: C
Explanation
During the copy process, the router asked “Erasing flash before copying? [confirm]” and the administrator confirmed (by pressing Enter) so the flash was deleted.
Note: In this case, the flash has enough space to copy a new IOS without deleting the current one. The current IOS is deleted just because the administrator wants to do so. If the flash does not have enough space you will see an error message like this:
| %Error copying tftp://192.168.2.167/ c1600-k8sy-mz.l23-16a.bin (Not enough space on device) |
Question 4
How does using the service password encryption command on a router provide additional security?
A. by encrypting all passwords passing through the router
B. by encrypting passwords in the plain text configuration file
C. by requiring entry of encrypted passwords for access to the device
D. by configuring an MD5 encrypted key to be used by routing protocols to validate routing exchanges
E. by automatically suggesting encrypted passwords for use in configuring the router
Answer: B
Explanation
By using this command, all the (current and future) passwords are encrypted. This command is primarily useful for keeping unauthorized individuals from viewing your password in your configuration file.
Question 5
What is a global command?
A. a command that is available in every release of IOS, regardless of the version or deployment status
B. a command that can be entered in any configuration mode
C. a command that is universal in application and supports all protocols
D. a command that is implemented in all foreign and domestic IOS versions
E. a command that is set once and affects the entire router
Answer: E
Explanation
A global command is a command in this form:
Device(config)#
This mode can affect the entire router/switch.
For more information about modes in Cisco devices, please read my Cisco Command Line Interface CLI tutorial.
Question 6
Refer to the exhibit.
| line vty 0 4 password 7 030752180599 login transport input ssh |
What is the effect of the configuration that is shown?
A. It configures SSH globally for all logins.
B. It tells the router or switch to try to establish an SSh connection first and if that foils to use Telnet.
C. It configures the virtual terminal lines with the password 030752180500.
D. It configures a Cisco network device to use the SSH protocol on incoming communications via the virtual terminal ports.
E. It allows seven failed login attempts before the VTY lines are temporarily shutdown.
Answer: D
Question 7
Which router IOS commands can be used to troubleshoot LAN connectivity problems? (Choose three)
A. ping
B. tracert
C. ipconfig
D. show ip route
E. winipcfg
F. show interfaces
Answer: A D F
Explanation
The ping command can be used to test if the local device can reach a specific destination -> A is correct.
“tracert” is not a valid command in Cisco IOS commands, the correct command should be “traceroute” -> B is not correct.
The ipconfig command is not a valid command in Cisco IOS too -> C is not correct.
The “show ip route” command can be used to view the routing table of the router. It is a very useful command to find out many connectivity problems (like directly connected networks, learned network via routing protocols…) -> D is correct.
“winipcfg” is an old tool in Windows 95/98 to view IP settings of the installed network interfaces. But it is not a valid command in Cisco IOS commands -> E is not correct.
The “show interfaces” command is used to check all the interfaces on the local device only. It has very limited information to trouble LAN connectivity problem but it is the most reasonable to choose -> F is acceptable.
Question 8
Which command shows your active Telnet connections?
A. show sessions
B. show cdp neighbors
C. show users
D. show queue
Answer: A
Question 9
Which command would you configure globally on a Cisco router that would allow you to view directly connected Cisco devices?
A. enable cdp
B. cdp enable
C. cdp run
D. run cdp
Answer: C
Question 10
A network administrator needs to allow only one Telnet connection to a router. For anyone viewing the confguration and issuing the show run command, the password for Telnet access should be encrypted. Which set of commands will accomplish this task?
A. service password-encryption
access-list 1 permit 192.168.1.0 0.0.0.255
line vty 0 4
login
password cisco
access-class 1
B. enable password secret
line vty 0
login
password cisco
C. service password-encryption
line vty 1
login
password cisco
D. service password-encryption
line vty 0 4
login
password cisco
Answer: C
Question 11
What is the effect of using the service password-encryption command?
A. Only passwords configured after the command has been entered will be encrypted.
B. Only the enable password will be encrypted.
C. Only the enable secret password will be encrypted
D. It will encrypt the secret password and remove the enable secret password from the configuration.
E. It will encrypt all current and future passwords.
Answer: E
Explanation
The secret password (configured by the command “enable secret “) is always encrypted even if the “service password-encryption” command is not used. Moreover, the secret password is not removed from the configuration with this command, we still see it in encrypted form in the running-config -> D is not correct.
The “enable password ” does not encrypt the password and can be viewed in clear text in the running-config. By using the “service password-encryption” command, that password is encrypted (both current and future passwords) -> A is not correct, E is correct.
Answer B – Only the enable password will be encrypted seems to be correct but it implies the secret password will not be encrypted and stay in clear text, which is not correct.
For your information, the secret password is encrypted with MD5 one-way hash algorithm which is harder to break than the encryption algorithm used by the “service password-encryption” command.
I tested q10 on PT,there was no problem when i wrote line vty 0
i.e R –
line vty 0
password cisco
login
,and when connecting from PC it connected to router.
p.s yes,PT dosnt use real IOS,but anyway it is v6,so i doupt that PT doesnt work correctly.
no there is difference in commands between service password encryption & enable password secret so thats y option C is correct
well PT is nothing compared to real IOS, and “enable password secret ” makes a text only password that everyone can see for priviledge mode. it does not encrypt anything, the only one that “encrypts- actually makes a hash algorithm” is service password-encrypion making all passwords encrypted
please send me the last dumps: browmano@gmail.com
Please send the latest dump to falhomis@gmail.com
what is the different between line vty 0 4 & line vty 1 ?
line vty 0 4 means ;
5 (0,1,2,3,4) connections at the same time can be made.
line vty 0 or line vty 1 … means, connection can be made by one user at the same time.
Please send the latest dumps to sudhinnksc@gmail.com
Appreciated you help
Am preparing for CCNA 200-120 Please send the latest dumps to rbasenge@gmail.com
pls send last dumps
Please send latest Dump to: borkay@gmail.com
Thanks!
Konan – Thats because only vty line 0 has a login. Your telnet client tries all open line first.. so it would have hit line 1 which had no login command.
need latest dumps share me latest if anyone is having at coolbluue@yahoo.com
Am preparing for CCNA 200-120. Please send the latest dumps to bernardkim33@gmail.com
Am preparing for CCNA 200-120. Please send the latest dumps to mohamedansary.guc@gmail.com
I cleared 200-120
Question 2, 3 & 9 in today’s exam
Almost all questions from 9tut
Thanks everyone :)
can anyone give me the new V.C.E 3.4.2 crack version?????plzzzz hurry
I am preparing for CCNA 200-120. Please send the latest dumps on syedanwar81@yahoo.com
Anyone pls send me the latest CCNA dump? I am preparing for the vendor exam.
shahriaralam88@gmail.com
Hi there everyone, I am planning to take CCNA exam next month, but i don’t know how to start and what best materials should I study/review to sure pass the exam. Can someone send me latest dumps as what I’m seeing in here. I highly appreciate and many thanks to all. My e-mail is “caipols@yahoo.com”
mr Konan
if u see q 10 u can see the choose line vty 0 is right but the password will not encrypted because the line enable password will not encrypt the password so this choosen us fulse becasuse of enable password not for lin
Anyone knows a website like 9tut for comptia a+ cert
I’m preparing for CCNA 200-120.
I am preparing for CCNA 200-120. Please send the latest dumps on snoicer1877@gmail.com
Pleazzzzzzzz Help
Can anyone send me last CCNA dumps, i have to pass the exam after two week
My email: socar1650@hotmail.com
Thanks a lot.
Hello. can anyone send me the latest dump on ccna. my exams is on tuesday 8 Apr.
My email is : ashvin.007@hotmail.com
I am preparing for CCNA 200-120. Please send the latest dumps on krc.lucky@yahoo.com
Can anyone send me last CCNA dumps, i have to pass the exam after two week
My email: silencer007@yahoo.com
Thanks a lot
please send me latest question who are already attend CCNA exam.
please send me latest question who are attend CCNA exam.
Please send the latest dump to eng.m.f.elsayed@gmail.com
please send the larest dumps to navneeth2004@yahoo.com i got my exam in one month’s time it will be of great help
Am preparing for CCNA 200-120. Please send the latest dumps to bangalor30@gmail.com
Please send me the latest dumps to a_margys@yahoo.com
Thanks in advance
plz send me the latest dumps on noumannaseem786@gmail.com
thnx
Friends please send me latest dumps to tanveerpasha04@gmail.com
Thanks
I need some explaination for q 1. I understand that if switch do not know the mac address, it send out broadcast. But will not that broadcast related to knowing the mac address, which is ARP. So in my opinion answer to question 1 will be d rather than c.
Friends i have exam on 30 Apr 2014 can someone send me a latest dumps to the nadarsarojkumar@gmail.com
please i’m going to write exam CCNA 200-120 Please send the latest dumps to ybouhnouni@gmail.com
thank’s
I’m going to take the exam in 2 weeks. Please, send me the latest dumps to trina_666@hotmail.com Thanks in advance! :)
Please send me the latest dumps to gamal_a_e@yahoo.com, thanks in advace
kindly send the latest dumps to melearning2014@gmail.com. regards
Plz share letest dumps my exam date is 1st june
@ ====> murtaza.iscs@gmail.com
Q3 and 9 were in today exam
Hi there,
If anybody need CCNA dumps, drop me a mail to nifras55electrical@gmail.com
Note: You should download and install Visual Cert (VCE) software in order to view the dumps
All the best for your exam
Best Regards
q. no. 3 was in exam today
Please, can anybody send me the latest CCNA dumps to eljneed76@gmail.com
Thanks.
please can anybody send me the latest ccna dumps to yaddalasrinivas@gmail.com
plxx can any1 send me latest CCNA dumps @ harrisf1990@gmail.com